There are many drawbacks associated with existing software security systems. In particular, existing software security systems are typically limited to monitoring events through the host operating system or by observing the network traffic going to and from a program.
This approach is limited to information external to a program. Thus, the prior art is not able to make use of contextual information within a program. As a result, prior art techniques, such as application firewalls and intrusion prevention systems, commonly generate an unacceptable amount of false negatives and false positives.
It would be highly desirable to reduce the number of false negatives and false positives associated with existing software security systems. In addition, it would be highly desirable to detect many broad categories of attacks with more accuracy and precision than possible with existing software security systems.